Icinga2 reporting error – Invalid filter / can’t generate report

I installed the reporting module on our Icinga2 monitoring system so that I could generate an SLA report for one of our clients, which has a lot of servers. I installed the module and wanted to create a filter so that the report would be generated only for hosts with the string “example” in the hostname.

In the Icinga2 documentation, this is done simply with the match function, like this:

match("*example*",host.name)

This gave me an error:

Invalid filter "match("*example*",host.name)", unexpected ( at pos 6 (Parser.php:561)

#0 /usr/share/icinga-php/ipl/vendor/ipl/web/src/Filter/Parser.php(285): ipl\Web\Filter\Parser->parseError()
#1 /usr/share/icinga-php/ipl/vendor/ipl/web/src/Filter/Parser.php(88): ipl\Web\Filter\Parser->readFilters()
#2 /usr/share/icinga-php/ipl/vendor/ipl/web/src/Filter/QueryString.php(44): ipl\Web\Filter\Parser->parse()
...

I also tried “host.name=*example*”, but got an empty response.
To do this properly, you must create your filter as shown below, and it should work:

host.name~*example*

check_eximailqueue: query returned no output! [FIX]

If you are an Icinga/Nagios user dealing with Exim, you probably know the wonderful plugin check_eximailqueue. This plugin warns you when there is a specific amount of email in your Exim mail queue. Usually this indicates spam.

I installed this plugin on CentOS 7 with DirectAdmin installed. When I executed the plugin locally, it worked fine. But when I tried to execute it remotely (from the Icinga server), it failed.

This was the error returned when executing from the Icinga server:

> # /usr/local/libexec/nagios/check_nrpe -H my.serverhostname.com -c check_exim_queue
Mailqueue WARNING - query returned no output!

I added “nagios  ALL=(ALL) NOPASSWD:/usr/sbin/exim” to my /etc/sudoers file, but the error still persisted. I manually set the Exim and sudo paths in the script. The error was still there.

If you check your nrpe process, you’ll see that it runs as the nrpe user and not nagios!

[root@da ~]# ps -aux | grep nrpe
 nrpe 26993 0.0 0.0 46356 1460 ? Ss 10:44 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d

The solution is very simple. Just change “nagios ALL=(ALL) NOPASSWD:/usr/sbin/exim” to “nrpe ALL=(ALL) NOPASSWD:/usr/sbin/exim” in your /etc/sudoers, replacing the user nagios with nrpe. It should work.

I hope it helps 🙂

Icinga/Nagios plugin for http brute force detection

When dealing with web servers that host a lot of websites, especially WordPress, Joomla, etc., flood and brute force attacks are a very common problem. One of the most common examples is a massive number of requests to wp-login.php or xmlrpc.php. With brute force, the attacker's goal is usually to gain access to the administration area. This is the simplest method of gaining access. The idea is very simple: the attacker tries a lot of different usernames and passwords until one combination works. These operations are, of course, automated by bots and scripts.

This can be very damaging for your server, as it consumes a lot of memory. Every request means that someone has just visited your website. When a script with bad intentions is visiting your site, that means a lot of requests. On most modern web pages, every such request also triggers a database query. In most cases, the server will become unresponsive: the system will run out of memory, swap will fill up, and MySQL will stop responding. This also means that all websites on your server will stop working. In many cases, you’ll have to reboot your server to make it responsive again. Of course, there are systems that don’t allow this, like CloudLinux with its LVE. One good practice is to restrict access to your administration area to a static IP. There are different ways.
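
One way such a check can work, as an added example that is not the plugin from the original post: it counts POST requests to wp-login.php and xmlrpc.php per client IP in combined-format access-log lines and maps the highest count to a Nagios/Icinga state. The function names, thresholds and sample log lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import Counter

# Scripts named in the post as common brute force targets.
TARGETS = ("/wp-login.php", "/xmlrpc.php")
# Combined log format: client IP, identity, user, [time], "METHOD path proto"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" \d{3} ')

def _line(ip, method, path):
    """Build one constructed access-log line for the sample below."""
    return (f'{ip} - - [10/Mar/2024:10:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "sample-agent"')

# Constructed sample input, treated as one monitoring interval.
SAMPLE = ([_line("203.0.113.7", "POST", "/wp-login.php")] * 6
          + [_line("198.51.100.4", "POST", "/blog/xmlrpc.php?rsd")] * 2
          + [_line("192.0.2.10", "GET", "/wp-login.php"), "truncated line"])

def count_login_posts(lines):
    """Count POSTs to the watched scripts per client IP."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed or truncated lines
        ip, method, path = m.groups()
        path = path.split("?", 1)[0]  # drop the query string
        if method == "POST" and path.endswith(TARGETS):
            hits[ip] += 1
    return hits

def check(lines, warn=3, crit=5):
    """Return (exit_code, message) following the Nagios plugin convention."""
    hits = count_login_posts(lines)
    ip, worst = hits.most_common(1)[0] if hits else ("-", 0)
    if worst >= crit:
        code, state = 2, "CRITICAL"
    elif worst >= warn:
        code, state = 1, "WARNING"
    else:
        code, state = 0, "OK"
    return code, (f"HTTP_BRUTEFORCE {state} - top source {ip}: {worst} POSTs"
                  f" | max_posts={worst};{warn};{crit}")

if __name__ == "__main__":
    # With a log path argument read that file, otherwise use the sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    code, message = check(lines)
    print(message)
    sys.exit(code)
```

In production the input would be limited to the lines written since the previous check, so that the thresholds describe a request rate rather than a total.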


© 2024 geegkytuts.net